v0.0.1

skill-README-writer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:55 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.

GuidanceThis skill appears safe for its stated purpose. Before using it, point it only at the project you want documented, check the information it extracts, and review the generated README before allowing it to overwrite or replace an existing file. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

自动读取：package.json、requirements.txt、pyproject.toml、Cargo.toml、主语言文件（.py/.js/.ts/.rs 等）、目录结构、现有 README（如有）

The skill instructs the agent to read project files and existing documentation so it can generate a README. This is aligned with the stated purpose, but it gives the agent project-scoped file access.

User impactThe agent may inspect source/configuration files in the project and later create or update README-related files.

RecommendationUse it on a specific intended project path, review the collected project information and draft README before accepting changes, and keep the backup when replacing an existing README.